Learn Website Hacking / Penetration Testing From Scratch [Video]
- FREE Subscribe Start FREE trial
- $187.99 Video Buy
- Instant online access to over 7,500+ books and videos
- Constantly updated with 100+ new titles each month
- Breadth and depth in over 1,000+ technologies
-
Course Introduction
-
Preparation - Creating a Penetration Testing Lab
-
Preparation - Linux Basics
-
Website Basics
-
Information Gathering
- Gathering Information Using Whois Lookup
- Discovering Technologies Used On the Website
- Gathering Comprehensive DNS Information
- Discovering Websites on the Same Server
- Discovering Subdomains
- Discovering Sensitive Files
- Analysing Discovered Files
- Maltego - Discovering Servers, Domains & Files
- Maltego - Discovering Websites, Hosting Provider & Emails
-
File Upload Vulnerabilities
-
Code Execution Vulnerabilities
-
Local File Inclusion Vulnerabilities (LFI)
-
Remote File Inclusion Vulnerabilities (RFI)
-
SQL Injection Vulnerabilities
-
SQL Injection Vulnerabilities - SQLi In Login Pages
-
SQL injection Vulnerabilities - Extracting Data from the Database
-
SQL injection Vulnerabilities - Advanced Exploitation
- Discovering & Exploiting Blind SQL Injections
- Discovering a More Complicated SQL Injection
- Extracting Data (passwords) By Exploiting a More Difficult SQL Injection
- Bypassing Security & Accessing All Records
- Bypassing Filters
- [Security] Quick Fix to Prevent SQL Injections
- Reading & Writing Files on The Server Using SQL Injection Vulnerability
- Getting a Reverse Shell Access & Gaining Full Control Over The Target Web Server
- Discovering SQL Injections & Extracting Data Using SQLmap
- Getting a Direct SQL Shell using SQLmap
- [Security] - The Right Way to Prevent SQL Injection
-
XSS Vulnerabilities
-
XSS Vulnerabilities – Exploitation
- Hooking Victims to BeEF Using Reflected XSS
- Hooking Victims to BeEF Using Stored XSS
- BeEF - Interacting With Hooked Victims
- BeEF - Running Basic Commands On Victims
- BeEF - Stealing Credentials/Passwords Using A Fake Login Prompt
- Bonus - Installing Veil 3
- Bonus - Veil Overview & Payloads Basics
- Bonus - Generating an Undetectable Backdoor Using Veil 3
- Bonus - Listening For Incoming Connections
- Bonus - Using a Basic Delivery Method to Test the Backdoor & Hack Windows 10
- BeEF - Gaining Full Control over Windows Target
- [Security] Fixing XSS Vulnerabilities
-
Insecure Session Management
- Logging In As Admin without a Password by Manipulating Cookies
- Discovering Cross Site Request Forgery Vulnerabilities (CSRF)
- Exploiting CSRF Vulnerabilities to Change Admin Password Using a HTML File
- Exploiting CSRF Vulnerabilities To Change Admin Password Using Link
- [Security] The Right Way to Prevent CSRF Vulnerabilities
-
Brute Force & Dictionary Attacks
-
Discovering Vulnerabilities Automatically Using Owasp ZAP
-
Post Exploitation
- Post Exploitation Introduction
- Interacting With the Reverse Shell Access Obtained In Previous Lectures
- Escalating Reverse Shell Access to Weevely Shell
- Weevely Basics - Accessing Other Websites, Running Shell Commands ...etc
- Bypassing Limited Privileges & Executing Shell Commands
- Downloading Files from Target Webserver
- Uploading Files to Target Webserver
- Getting a Reverse Connection from Weevely
- Accessing the Database
About this video
Welcome to this comprehensive course on website and web application hacking! In this course, you will start as a beginner with no previous knowledge about penetration testing or hacking. This course is focused on the practical side of penetration testing without neglecting the theory behind each attack. Before jumping into penetration testing, you will first learn how to set up a lab and install the required software to practice penetration testing on your own machine. Then you will learn about websites, how they work, what they rely on, what is meant by a web server, a database, and how all of these components work together to give us functioning websites. Once you understand how websites work we will start talking about how can we exploit these components and this method of communication to carry out a number of powerful attacks. This course will take you from a beginner to a more advanced level. By the time you finish, you will be able to launch attacks and test the security of websites and web applications in exactly the same way that black hat hackers would do, fix these vulnerabilities, and secure websites from them. All the attacks in this course are practical attacks that work against any real websites. For each vulnerability you will learn the basic exploitation, then you will learn advanced methods that will give you more privileges or allow you to bypass security measurements.
Style and Approach
Hands-on learning from scratch
- Publication date:
- April 2018
- Publisher
- Packt
- Duration
- 9 hours 6 minutes
- ISBN
- 9781789346145